We're using MSAL.js 1.3.2 for interacting with Azure AD B2C for a Vuejs SPA. MSAL.js config is set to use session storage for storing its cache. As per the documentation (https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-sso#sso-between-browser-tabs) session is not allowed to be shared between different tabs when using session storage. But, when a new tab is opened existing session is being used to sign in the user automatically. We've used 'prompt = login' parameter to suppress this behavior. While this helps us to ensure that the user has to sign in manually when a new tab is opened, we're now noticing an issue with token renewal.
Here's the scenario -
Login with Account 1 in the Tab 1.
Open a new tab (Tab 2) and Login with Account 2.
Now, in Tab 1 make a token renewal request using acquireTokenSilent() with client id as the scope - this is returning a new token with Account 2's Object ID as the Subject. (which means it is renewing the token for Account 2 instead of Account 1)
How do we suppress/control this behavior?